Security News > 2020 > November > QBot partners with Egregor ransomware in bot-fueled attacks
The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware who burst into activity in September.
Since their launch in September 2020, Egregor has been one of the most active big game hunting ransomware operations currently active.
After the notorious Maze ransomware gang began shutting down their operation in September, many of their affiliates moved to the new Egregor operation.
While the ransomware has changed, Skulkin states that the tactics, techniques, and procedures currently used by Egregor are similar to the previous attacks with ProLock.
"The use of CobaltStike and QakBot are to watch when hunting for Egregor. More threat hunting and detection tips from Group-IB DFIR team as well as a detailed technical analysis of Egregor operations are available in Group-IB's blog," Skulkin offers as advice when defending against Egregor.
News URL
Related news
- Romanian energy supplier Electrica hit by ransomware attack (source)
- Ransomware attack hits leading heart surgery device maker (source)
- US sanctions Chinese firm for hacking firewalls in ransomware attacks (source)
- US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks (source)
- US Sanctions Chinese Cybersecurity Firm for 2020 Ransomware Attack (source)
- Starbucks, Supermarkets Targeted in Ransomware Attack (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
- Clop ransomware claims responsibility for Cleo data theft attacks (source)
- Rhode Island confirms data breach after Brain Cipher ransomware attack (source)
- Ascension: Health data of 5.6 million stolen in ransomware attack (source)